DNN (DotNetNuke) < 5.2.0 SearchResults.aspx XSS

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server contains an ASP.NET application that is affected
by a cross-site scripting vulnerability.

Description :

The version of DNN installed on the remote host is affected by a
cross-site scripting vulnerability due to a failure to properly
sanitize user-supplied input to the 'Search' parameter of the
'SearchResults.aspx' script before using it to generate dynamic HTML
output. An unauthenticated, remote attacker can exploit this, via
specially crafted search terms, to execute arbitrary script code in a
user's browser session.

The installed version is also potentially affected by an information
disclosure vulnerability, although Nessus has not tested for this.
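
A defender-side check for the request pattern described above, as an added example that is not part of the Nessus plugin or of DNN: it flags logged requests to 'SearchResults.aspx' whose decoded 'Search' value contains angle brackets. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed (constructed) log layout: client_ip "METHOD target HTTP/x.y" status
LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3}$')
# Angle brackets are needed to inject an element into generated HTML. Quotes are
# left out on purpose: phrase searches use them legitimately (a tuning choice).
MARKUP = re.compile(r"[<>]")

def suspicious_search(target):
    """Return the decoded 'Search' value if it contains markup, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/searchresults.aspx"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "search":
            continue
        # parse_qsl decoded once; decode again to catch double encoding (%253C).
        decoded = unquote(value)
        if MARKUP.search(decoded):
            return decoded
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed layout; skip rather than guess
        value = suspicious_search(m.group(2))
        if value is not None:
            hits.append((m.group(1), value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 "GET /Default.aspx HTTP/1.1" 200',
    '192.0.2.11 "GET /SearchResults.aspx?Search=release+notes HTTP/1.1" 200',
    '198.51.100.7 "GET /SearchResults.aspx?Search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200',
    '198.51.100.8 "GET /portal/searchresults.aspx?tabid=5&search=%253Cb%253E HTTP/1.1" 200',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tSearch={value!r}")
```

A hit shows that markup was submitted to the search page, not that it was reflected unencoded; whether the host is affected depends on the installed DNN version.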

See also :


Solution :

Upgrade to DNN version 5.2.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 42979 (dotnetnuke_search_page_xss.nasl)

Bugtraq ID: 37139

CVE ID: CVE-2009-4110
